什么时候(如果有的话) eval 不是邪恶的?
可能的重复:
什么时候(如果有的话)eval 不是邪恶的?
我听说过很多地方都表明 PHP 的 eval 函数通常不是答案。鉴于 PHP 5.3 的 LSB 和闭包,我们没有理由依赖 eval 或 create_function。
在任何可能的情况下,eval 是 PHP 5.3 中最好(唯一?)的答案吗?
这个问题并不是关于 eval 一般而言是否是邪恶的,因为它显然不是。
答案摘要:
* Evaluating numerical expressions (or other languages "safe" subsets of PHP)
* Unit testing
* Interactive PHP "shell"
* Deserialization of trusted var_export
* Some template languages
* Creating backdoors for administers and/or hackers
* Compatibility with < PHP 5.3
* Checking syntax (possibly not safe)
Possible Duplicate:
When (if ever) is eval NOT evil?
I've heard many places that PHP's eval function is often not the answer. In light of PHP 5.3's LSB and closures we're running out of reasons to depend on eval or create_function.
Is there is any conceivable cases where eval is the best (only?) answer in PHP 5.3?
This question is not about whether eval is evil in general, as it obviously is not.
Summary of Answers:
* Evaluating numerical expressions (or other languages "safe" subsets of PHP)
* Unit testing
* Interactive PHP "shell"
* Deserialization of trusted var_export
* Some template languages
* Creating backdoors for administers and/or hackers
* Compatibility with < PHP 5.3
* Checking syntax (possibly not safe)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我倾向于只说“每当评估的代码不受用户输入影响” - 但我不确定为什么您会使用您已经应该知道的 eval() 代码。
在模板系统中使用 eval() 是我多次偶然发现的,但在我看来,它是 include() 或 require() (在这些情况下)的替代方案,并且改变解决方案似乎是合理的不使用 eval() 也能得到相同的结果。
I would be inclined to just say 'whenever the evaluated code isn't affected by user input' - but I'm not sure why you would eval() code you already should know, then.
Using eval() in templating systems is something I've stumbled upon a lot of times, but it seems to me like it's an alternative to include() or require() (in those cases) and it seems plausible that altering the solutions could bring the same results without the use of eval().
克服PHP的缺点。
在我们的项目中,我们需要一个类的
eval来扩展自动加载中的动态类。虽然这看起来有点代码味道,但我不会详细介绍,但对于我们透明地支持许多略有不同的项目来说,这是绝对必要的步骤。
To overcome PHP's shortcommings.
In our project we need
evalfor a class to extend a dynamic class in autoloading.While it may seem as a code smell, I won't go into details, but it's an absolutely necessary step for us to transparently support many slightly differing projects.